cancel
Showing results for 
Search instead for 
Did you mean: 

"Unable to find valid certification path to requested target" when connecting to a server with a selfsigned certificate

SOLVED
Highlighted
New Member

"Unable to find valid certification path to requested target" when connecting to a server with a selfsigned certificate


Hi,



Im writing a plugin to integrate ReadyAPI with our 

​API

 management server. The plugin will get a swagger document uri from our server and we use the utility methods provided with the soapui-swagger-plugin to create the ReadyAPI project. Im getting the following error from the soapui-swagger-plugin/SwaggerUtils when using a https url.

Please note that our server uses a self

​ ​

signed certificate and I have set the following properties from our plugin.



        System.setProperty("javax.net.ssl.trustStore", PATH_TO_TRUST_STORE);

        System.setProperty("javax.net.ssl.trustStorePassword", TRUST_STORE_PASSWORD);

        System.setProperty("javax.net.ssl.trustStoreType", "JKS");



As a workaround we have changed the ready-api.sh(startup script) and added these parameters as JVM startup parameters and everything worked fine. But we are unable to proceed with that solution and need to  set them 


programmatically since our plugin will take these parameters from the user and we should have the flexibility to set them dynamically.

​​



Also could you please let us know whether setting such a System property is the correct way to define our own trust store in ReadyAPI?



07:46:21,536 ERROR [SoapUI] An error occurred [sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target], see error log for details

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)

    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1884)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:276)

    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:270)

    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1439)

    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:209)

    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:878)

    at sun.security.ssl.Handshaker.process_record(Handshaker.java:814)

    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1016)

    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)

    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)

    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:563)

    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.jav...

    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1300)

    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)

    at org.codehaus.groovy.runtime.ResourceGroovyMethods.configuredInputStream(ResourceGroovyMethods.java:1878)

    at org.codehaus.groovy.runtime.ResourceGroovyMethods.newReader(ResourceGroovyMethods.java:1946)

    at org.codehaus.groovy.runtime.ResourceGroovyMethods.getText(ResourceGroovyMethods.java:635)

    at org.codehaus.groovy.runtime.ResourceGroovyMethods.getText(ResourceGroovyMethods.java:607)

    at org.codehaus.groovy.runtime.dgm$789.doMethodInvoke(Unknown Source)

    at org.codehaus.groovy.reflection.GeneratedMetaMethod$Proxy.doMethodInvoke(GeneratedMetaMethod.java:70)

    at org.codehaus.groovy.runtime.metaclass.MethodMetaProperty$GetBeanMethodMetaProperty.getProperty(MethodMetaProperty.java:73)

    at org.codehaus.groovy.runtime.callsite.GetEffectivePojoPropertySite.getProperty(GetEffectivePojoPropertySite.java:61)

    at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:227)

    at com.smartbear.swagger.SwaggerUtils.createSwaggerImporter(SwaggerUtils.groovy:30)

 

Thanks,

Janaka
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Occasional Visitor

Re: "Unable to find valid certification path to requested target" when connecting to a ser

We faced the same problem when we developed a plugin. And we have decided that this is a user responsibility which certificates to trust (as it is made by browsers). We have just supplied a user with detailed instructions how to import a required certificate to JVM trust store. In fact, a user should just get a certificate file and invoke a command like this:

View solution in original post

3 REPLIES 3
Highlighted

Re: "Unable to find valid certification path to requested target" when connecting to a ser

Hi JRanabahu,

We faced the same problem when we developed a plugin. And we have decided that this is a user responsibility which certificates to trust (as it is made by browsers). We have just supplied a user with detailed instructions how to import a required certificate to JVM trust store. In fact, a user should just get a certificate file and invoke a command like this:

keytool -import -file certificate_file -alias alias_for_certificate -keystore R!API_installation_path\jre\lib\security\cacerts

 

There is still an important detail here. Java does stronger check of certificates, so you also need to attach HostNameVerifier to your UrlConnection object. The code should look like this:

        hv = new HostnameVerifier() {
            @Override
            public boolean verify(String hostName, SSLSession sslSession) {
                return true;
            }
        };

        if(connection instanceof HttpsURLConnection) ((HttpsURLConnection)connection).setHostnameVerifier(hv);

 

Alternatively, you may advise your users to install the SSL Workaround Plugin. However, you should take into account, that it actually switches off HTTPS security and, as far as I understand, might make testing of secure API incorrect.

 

Best regards,

Roman

Highlighted
Occasional Visitor

Re: "Unable to find valid certification path to requested target" when connecting to a ser

We faced the same problem when we developed a plugin. And we have decided that this is a user responsibility which certificates to trust (as it is made by browsers). We have just supplied a user with detailed instructions how to import a required certificate to JVM trust store. In fact, a user should just get a certificate file and invoke a command like this:

View solution in original post

Highlighted
New Member

Re: "Unable to find valid certification path to requested target" when connecting to a ser

As a workaround we have changed the ready-api.sh(startup script) and added these parameters as JVM startup parameters and everything worked fine. But we are unable to proceed with that solution and need to  set them 

 

 

 

NAT

NAT
New Here?
Join us and watch the welcome video:
Announcements
Building with the Collaborator API

Help Documenation
The Collaborator API is a JSON-RPC API that lets you integrate with Collaborator 9.0 and above. For more information about how the API works, check out the API description here:


Sample Plugins
For an example of an add-in that uses the API, take a look at the Microsoft Word Add-in for Collaborator:


We list all the great plugins our network has already built on this page on the SmartBear website.